CVE-2026-40989 Self Routing guard bypassed via function composition

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

Unity Linux 20.1070e Security Update: netty (UTSA-2026-017795)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017795 advisory. The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large...

GHSA-86WQ-234Q-R6WG Spring Cloud Config Server Susceptible To TOCTOU Attack

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

EUVD-2019-2113

Malware in sbrugna...

EUVD-2021-15911

Malware in sbrugna...

EUVD-2022-5148

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2020-36306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the backurl field. CVE-2020-36306 Note that Nessus relies on the presence of the package as reported by...

Linux Distros Unpatched Vulnerability : CVE-2020-11612

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large...

Moodle 4.1.x < 4.1.13 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.3. It is, therefore, affected by multiple vulnerabilities. - A lesson activity password bypass through PHP loose...

Moodle 4.3.x < 4.3.7 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.13, 4.2.x prior to 4.2.10, 4.3.x prior to 4.3.7, or 4.4.x prior to 4.4.3. It is, therefore, affected by multiple vulnerabilities. - A lesson activity password bypass through PHP loose...

CVE-2023-49952

Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header...

Dell Enterprise SONiC OS 操作系统命令注入漏洞

Dell Enterprise SONiC OS Dell Enterprise Sonic Operating System is an open-source network operating system from Dell, USA. An operating system command injection vulnerability exists in Dell Enterprise SONiC OS versions 4.1. x and 4.2.x. The vulnerability stems from improper neutralization of...

Django 3.2.x < 3.2.20, 4.1.x < 4.1.10, 4.2.x < 4.2.3 ReDoS Vulnerability - Windows

Django is prone to a regular expression denial of service ReDoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SPIP 3.2.x < 3.2.17, 4.x < 4.0.9, 4.1.x < 4.1.7 SQLi Vulnerability

SPIP is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:spip:spip"; ifdescription...

K16873: ISC DHCP vulnerability CVE-2012-3955

Security Advisory Description ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service daemon crash in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. CVE-2012-3955...

Moodle 4.1.x < 4.1.1 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability due to the lack of sanitization of some returnurl...

SUSE CVE-2019-10053

An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \r results in an integer underflow...

WordPress 4.1.x < 4.1.37 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A stored Cross-Site Scripting XSS via wp-mail.php post by email. - An open redirect in wpnonceays. - Sender's email address is exposed in wp-mail.php. - A Cross-Site...

phpMyAdmin cross-site scripting Vulnerability in Table or Column Names

Multiple cross-site scripting XSS vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 table name or 2 column name that is improperly handled...